What It Means When Apple Gets Hacked By A Teenager

A couple weeks ago, it was revealed that a 16-year-old teenager from Australia had been accessing various “secure” files on Apple servers, including files with customer information. This had been ongoing for months before he was finally identified and arrested.

While the hacker’s name is unknown since he is not yet an adult, he was evidently well-known in the underground hacking space. Over the course of several months, the teen was able to download approximately 90GB of files which contained customer account information in addition to data belonging to Apple. His method of gaining access is unknown, and he allegedly used VPNs in an attempt to hide his identity. Unfortunately for him, he used his own personal MacBooks which were properly registered with Apple, and it was a trivial matter to look up the serial numbers of the devices used in the attack and match them to a customer’s product registration.

What does it mean when a tech giant like Apple can be successfully hacked by a teenager? This individual is not someone who has spent decades researching security protocols and conducting extensive tests to defeat firewalls and encryption algorithms. Like many data breaches today, it’s possible that he simply exploited a weak point in Apple’s security. This weak point could have been a perimeter device that used a default admin login credential, an internet-facing database, or a careless employee not connecting to their VPN on a public network.

These critical oversights expose customers to significant risk, and put their data in jeopardy of being stolen by an attacker who doesn’t even need much technical skill. Unfortunately for internet users, these security holes are much more prevalent than one would hope. How, then, can consumers protect their data when it is stored in a cloud-based service like Apple’s iCloud?

The first step in reducing your risk exposure when using a cloud service is to minimize the data that you store in the cloud. These days, PCs and smart phones want to store all your data in the cloud, and will often set the cloud as your default storage mechanism unless you specifically opt out. Realize that you have a choice for where your data is stored, and don’t use a cloud service for files that you want to keep secure. Store them on a flash drive or external hard drive, and keep that media in a secure place. In this way, you have a backup copy of the data, but it’s not in the cloud and accessible to attackers.

If you must use cloud storage services, it is highly recommended that your files be encrypted prior to uploading them. While most cloud services will encrypt your data by default, it’s helpful to add a second layer of encryption where you are the only one who has the key to decrypt. A vendor has the ability to decrypt and share your data at any time if they hold the encryption keys, so retake that power and only allow your data to be decrypted when you want it to be.

In summary, it’s disappointing to see Apple’s security defeated so easily, and on multiple occasions. This serves as yet another reminder to add your own security controls to the protection of your data when using cloud services.